A security audit carried out by German cybersecurity outfit Cure 53 has found a number of vulnerabilities in the Mozilla VPN apps and clients. Carried out in August, the exercise brought up two medium vulnerabilities and one item of concern that was rated as high.
The latter, FVP-02-014, could have potentially exposed customers to cross-site WebSocket hijacking attempts but that issue was identified and fixed by Cure53 during the audit. As such, no customers were affected and the security risk no longer exists.
Mozilla VPN was launched nearly 20 years ago by the foundation, best known for its Firefox web browser. It has also expanded its portfolio with an identity theft protection tool, a content curation service and an email tool for privacy fans called Firefox relay.
We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.
>> Click here to start the survey in a new window <<
When we reviewed it in 2020, Mozilla VPN was not able to match stalwarts like ExpressVPN or NordVPN, as despite its low monthly price, it had too few features and access limited to five registered devices. Since we last tested it, Mozilla has grown its VPN to cover 30+ countries across five platforms, 28 languages and more than 400 servers.
Mozilla has also hinted at an upcoming refresh in the next couple of weeks with what it calls “new and exciting” security and customization features.
Audits as selling points
Audits come in different shapes. Mozilla’s one focused on security while others look at data logging (and whether a VPN company sticks to its no-log promise). In a bid to differentiate themselves from rivals and rise above others in a very crowded market, a growing number of VPN providers have jumped on the audit bandwagon.
But doing an audit costs money and requires human resources that smaller outfits may not have at hand. In other words, audits may turn out to be a useful tool that to help separate between serious VPN providers and fly-by-night ones.
The full report can be read on Mozilla’s website.